• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Taking Hold of Your Signal - Critical Flaw Discovered in WPA2 Wi-Fi Security

transpondster

New Member
Joined
Sep 22, 2017
Messages
2 (0.00/day)
What does "client side" mean here?
I have an antenna/AP/something on the roof I get internet from. Should I be worried it will get hacked by this?

probably yes, sounds like WiFi client.

Similarly, should I disable wifi on all the routers in the house?

you must remove clients (pc/phone/printer/whatever) from WiFi network that are not updated. Basically change WiFi password and add only clients that are updated. BTW why you have routers in house?
 
Joined
Jul 10, 2017
Messages
2,671 (1.09/day)
The WiFi encryption is independent of HTTPS going through it. The amount of critical webpages even allowing non encrypted traffic is becoming ridiculously small, so that trick to force it to downgrade back to normal HTTP is super unlikely. So, realistic chances for someone "hacking" you this way efficiently are incredibly small. It would require a very targeted attack for which home computers are frankly not worth it.

This again proves AES 256 is still very much secure, it's the handshake that was intercepted in this case. Technically, if they fix the handshake thingie, the problem is solved until someone else figures out other method.
Many other protocols running wild in the home network has no built-in security. They rely on the security of the underlying layers like WiFi, which in this case is compromised.
 
Joined
Mar 10, 2015
Messages
3,984 (1.20/day)
System Name Wut?
Processor 3900X
Motherboard ASRock Taichi X570
Cooling Water
Memory 32GB GSkill CL16 3600mhz
Video Card(s) Vega 56
Storage 2 x AData XPG 8200 Pro 1TB
Display(s) 3440 x 1440
Case Thermaltake Tower 900
Power Supply Seasonic Prime Ultra Platinum
Great job showing all the details of the hack, so making it so popular that even an average Joe can now hack WPA2 Networks....

Actually, this was reviewed and disclosed back in May.
 
Joined
Mar 6, 2017
Messages
3,204 (1.24/day)
Location
North East Ohio, USA
System Name My Ryzen 7 7700X Super Computer
Processor AMD Ryzen 7 7700X
Motherboard Gigabyte B650 Aorus Elite AX
Cooling DeepCool AK620 with Arctic Silver 5
Memory 2x16GB G.Skill Trident Z5 NEO DDR5 EXPO (CL30)
Video Card(s) XFX AMD Radeon RX 7900 GRE
Storage Samsung 980 EVO 1 TB NVMe SSD (System Drive), Samsung 970 EVO 500 GB NVMe SSD (Game Drive)
Display(s) Acer Nitro XV272U (DisplayPort) and Acer Nitro XV270U (DisplayPort)
Case Lian Li LANCOOL II MESH C
Audio Device(s) On-Board Sound / Sony WH-XB910N Bluetooth Headphones
Power Supply MSI A850GF
Mouse Logitech M705
Keyboard Steelseries
Software Windows 11 Pro 64-bit
Benchmark Scores https://valid.x86.fr/liwjs3
Good luck getting patches for Android phones, even the discontinued Windows Phone may get speedier patches :(
And that's the reason why I dumped that steaming pile of crap that is Android and went with the Apple iPhone instead. Guaranteed software updates for at least four years no matter where you are in the world or what carrier you have. You get the same iOS updates the same day everyone across the world gets it.

Thank goodness for unlocked bootloaders and LineageOS.
Yeah, if you're lucky your device has an unlocked bootloader like most Google branded devices have but if you have either a Samsung, LG, or HTC device... um, that's not the case.
 
Last edited:
Joined
Sep 15, 2011
Messages
6,457 (1.41/day)
Processor Intel® Core™ i7-13700K
Motherboard Gigabyte Z790 Aorus Elite AX
Cooling Noctua NH-D15
Memory 32GB(2x16) DDR5@6600MHz G-Skill Trident Z5
Video Card(s) ZOTAC GAMING GeForce RTX 3080 AMP Holo
Storage 2TB SK Platinum P41 SSD + 4TB SanDisk Ultra SSD + 500GB Samsung 840 EVO SSD
Display(s) Acer Predator X34 3440x1440@100Hz G-Sync
Case NZXT PHANTOM410-BK
Audio Device(s) Creative X-Fi Titanium PCIe
Power Supply Corsair 850W
Mouse Logitech Hero G502 SE
Software Windows 11 Pro - 64bit
Benchmark Scores 30FPS in NFS:Rivals
Does this apply to WPA-2 Enterprise which uses certificates?
 
Joined
Mar 6, 2017
Messages
3,204 (1.24/day)
Location
North East Ohio, USA
System Name My Ryzen 7 7700X Super Computer
Processor AMD Ryzen 7 7700X
Motherboard Gigabyte B650 Aorus Elite AX
Cooling DeepCool AK620 with Arctic Silver 5
Memory 2x16GB G.Skill Trident Z5 NEO DDR5 EXPO (CL30)
Video Card(s) XFX AMD Radeon RX 7900 GRE
Storage Samsung 980 EVO 1 TB NVMe SSD (System Drive), Samsung 970 EVO 500 GB NVMe SSD (Game Drive)
Display(s) Acer Nitro XV272U (DisplayPort) and Acer Nitro XV270U (DisplayPort)
Case Lian Li LANCOOL II MESH C
Audio Device(s) On-Board Sound / Sony WH-XB910N Bluetooth Headphones
Power Supply MSI A850GF
Mouse Logitech M705
Keyboard Steelseries
Software Windows 11 Pro 64-bit
Benchmark Scores https://valid.x86.fr/liwjs3
Joined
Jul 5, 2013
Messages
25,559 (6.52/day)
Don't think most consumer devices will get update for this flaw. Mostly enterprise grade wifi AP will updated in next few weeks.
Not all consumer/enterprise devices have the flaw as this vulnerability requires that the serving device be forced to accept an older, previously used key. Not all wifi serving devices[routers and AP's] do this and not all client devices[PC's, tablet's and phones] do it either. While this flaw exists in the WPA/WPA2 protocol, each device can be configured independently to use, or not use, individual features of the protocol. What is and is not vulnerable is going greatly depend on how each device is configured to implement the key renewal procedure. Additionally, because there are different ways to renew a key based on how it was issued, exploiting a device is doing to require that the attacker know what they are doing. "Script-kiddies" and amateurs are not going to be able to pull it off.
But why the AP? Every WiFi enabled device does the handshake and should be vulnerable, if I understood what this flaw does.
As stated above, it depends on how a device handles the key renewal. Handshaking is only one part of a very complex procedure.
That article is misunderstanding and misinterpreting the known facts and thus comes to a conclusion that is as flawed as the protocol they are discussing. Again, how the WPA protocol is implemented will define what device is and is not vulnerable. Not all devices can be exploited and as such not all devices need updating.
Good luck getting patches for Android phones, even the discontinued Windows Phone may get speedier patches :(
Most Windows phones, ironically, are already patched due to the discovery of a related vulnerability. Additionally Android phones with 4.4.4 or earlier are NOT vulnerable. 5.0 is. 5.1 is not. 6.0.x is. 7.0.x is. 7.1.x is not. Some Linux distro's are already patched as well. Hell, even Windows Xp is ok.

The devil is in the details and while this is serious problem not everyone should panic. Wifi serving devices[routers and AP's] are going to be the most important type of devices to patch. Once that group is patched the flaw will be mitigated because the serving device controls the key exchange and renewal. While a client device can still be exploited, once patched a serving device will reject key streams from a tampered device, thus forcing a disconnection and reinitialization which forces a complete key reset. The effected device will then try to reconnect and the serving device will create a new key that is unknown to the attacker.

It should be noted that this vulnerability is completely unrelated to the known problems with router password capturing due to packet sniffing and MAC address spoofing vulnerabilities inherent within the WPA/WPA2 protocols. However, those can only be used to gain access to a wifi connection and steal internet. They can not be used to view the data traffic coming in and out of the network itself. That is what makes "KRACK" so scary.
 
Last edited:

bug

Joined
May 22, 2015
Messages
13,163 (4.07/day)
Processor Intel i5-12600k
Motherboard Asus H670 TUF
Cooling Arctic Freezer 34
Memory 2x16GB DDR4 3600 G.Skill Ripjaws V
Video Card(s) EVGA GTX 1060 SC
Storage 500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 2TB Crucial MX500
Display(s) Dell U3219Q + HP ZR24w
Case Raijintek Thetis
Audio Device(s) Audioquest Dragonfly Red :D
Power Supply Seasonic 620W M12
Mouse Logitech G502 Proteus Core
Keyboard G.Skill KM780R
Software Arch Linux + Win10
Thanks for your input. In the end, it is a client problem, but luckily not every client is automatically vulnerable. That is actually a big relief.
 
Joined
Aug 4, 2017
Messages
66 (0.03/day)
As much as I have read, the only fix is to patch and the providers or companies need to release the patch for all the vulnerable devices but this post suggests that using a VPN can also help if the provider whose device you own has not yet released the patch or ain't releasing it. Does it makes sense?
 

bug

Joined
May 22, 2015
Messages
13,163 (4.07/day)
Processor Intel i5-12600k
Motherboard Asus H670 TUF
Cooling Arctic Freezer 34
Memory 2x16GB DDR4 3600 G.Skill Ripjaws V
Video Card(s) EVGA GTX 1060 SC
Storage 500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 2TB Crucial MX500
Display(s) Dell U3219Q + HP ZR24w
Case Raijintek Thetis
Audio Device(s) Audioquest Dragonfly Red :D
Power Supply Seasonic 620W M12
Mouse Logitech G502 Proteus Core
Keyboard G.Skill KM780R
Software Arch Linux + Win10
As much as I have read, the only fix is to patch and the providers or companies need to release the patch for all the vulnerable devices but this post suggests that using a VPN can also help if the provider whose device you own has not yet released the patch or ain't releasing it. Does it makes sense?
If you absolutely need to get something done and you're not sure of your equipment, a VPN will help. But VPNs are slow, nobody wants to run through a VPN 24/7.
 
Joined
Jun 13, 2012
Messages
1,316 (0.31/day)
Processor i7-13700k
Motherboard Asus Tuf Gaming z790-plus
Cooling Coolermaster Hyper 212 RGB
Memory Corsair Vengeance RGB 32GB DDR5 7000mhz
Video Card(s) Asus Dual Geforce RTX 4070 Super ( 2800mhz @ 1.0volt, ~60mhz overlock -.1volts. 180-190watt draw)
Storage 1x Samsung 980 Pro PCIe4 NVme, 2x Samsung 1tb 850evo SSD, 3x WD drives, 2 seagate
Display(s) Acer Predator XB273u 27inch IPS G-Sync 165hz
Power Supply Corsair RMx Series RM850x (OCZ Z series PSU retired after 13 years of service)
Mouse Logitech G502 hero
Keyboard Logitech G710+
If you absolutely need to get something done and you're not sure of your equipment, a VPN will help. But VPNs are slow, nobody wants to run through a VPN 24/7.
Depends on the VPN provider you get a decent one they will be just as fast as if you are not using it.
 
Joined
Feb 9, 2009
Messages
1,618 (0.29/day)
Yeah, if you're lucky your device has an unlocked bootloader like most Google branded devices have but if you have either a Samsung, LG, or HTC device... um, that's not the case.
why are you false?

https://wiki.lineageos.org/devices/ so much samsung, lg, htc...

https://stats.lineageos.org/ so much non-google used, the first to appear is TENTH place

Most Windows phones, ironically, are already patched due to the discovery of a related vulnerability. Additionally Android phones with 4.4.4 or earlier are NOT vulnerable. 5.0 is. 5.1 is not. 6.0.x is. 7.0.x is. 7.1.x is not. Some Linux distro's are already patched as well.
https://review.lineageos.org/#/q/topic:krack-n+(status:merged) but there are multiple, if 7.1 is not affected, why did lineage put the fixes into 7.1? fedora didnt patch until the day of or day after
 
Joined
Jul 5, 2013
Messages
25,559 (6.52/day)
https://review.lineageos.org/#/q/topic:krack-n+(status:merged) but there are multiple, if 7.1 is not affected, why did lineage put the fixes into 7.1? fedora didnt patch until the day of or day after
That lineageOS link doesn't open, however, and I couldn't find a reference in their current posts. Not saying that it's not there, just didn't find it myself. However, they may have proactively patched existing code with known fixes just in case. As for Fedora, as I stated, some Linux distro's are already patched. This directly implied that not all have been and that, obviously, some will need patching. Fedora seems to have needed it and did so. How does that confuse you?
 
Joined
Feb 9, 2009
Messages
1,618 (0.29/day)
That lineageOS link doesn't open, however, and I couldn't find a reference in their current posts. Not saying that it's not there, just didn't find it myself. However, they may have proactively patched existing code with known fixes just in case. As for Fedora, as I stated, some Linux distro's are already patched. This directly implied that not all have been and that, obviously, some will need patching. Fedora seems to have needed it and did so. How does that confuse you?
link still works, or you could try an individual patch https://review.lineageos.org/#/c/193406/ then click the 'krak-n' topic

what i meant by fedora was that a distro known for being decently updated & secure didnt get the patch until after the huge disclosure

official google roms for pixel/nexus also didnt get it until november according to news articles, apple didnt until a similar delay with 11.1 instead of 11.0.3 or something

just seems odd for MS to have a fix months in advance, while at the same time the issue is a complex series of bugs left open after disclosure & only openbsd patched early
 
Joined
Jul 5, 2013
Messages
25,559 (6.52/day)
link still works, or you could try an individual patch https://review.lineageos.org/#/c/193406/ then click the 'krak-n' topic

what i meant by fedora was that a distro known for being decently updated & secure didnt get the patch until after the huge disclosure

official google roms for pixel/nexus also didnt get it until november according to news articles, apple didnt until a similar delay with 11.1 instead of 11.0.3 or something

just seems odd for MS to have a fix months in advance, while at the same time the issue is a complex series of bugs left open after disclosure & only openbsd patched early
I see what your saying now. And agreed, that seems a bit weird, even a tad iffy. Here at my home we just shut off the wifi until verified patches are available. It's made things a little interesting. After telling most of my neighbors about all of this, many of them have done the same.
 
Joined
Feb 9, 2009
Messages
1,618 (0.29/day)
I see what your saying now. And agreed, that seems a bit weird, even a tad iffy. Here at my home we just shut off the wifi until verified patches are available. It's made things a little interesting. After telling most of my neighbors about all of this, many of them have done the same.
https was supposedly fine, so it's as if you used open wifi or some restaurant with a shared key

boy it could have been much worse if it was a major protocol issue like WEP or if clients couldnt fix it
 
Joined
Mar 26, 2010
Messages
9,762 (1.91/day)
Location
Jakarta, Indonesia
System Name micropage7
Processor Intel Xeon X3470
Motherboard Gigabyte Technology Co. Ltd. P55A-UD3R (Socket 1156)
Cooling Enermax ETS-T40F
Memory Samsung 8.00GB Dual-Channel DDR3
Video Card(s) NVIDIA Quadro FX 1800
Storage V-GEN03AS18EU120GB, Seagate 2 x 1TB and Seagate 4TB
Display(s) Samsung 21 inch LCD Wide Screen
Case Icute Super 18
Audio Device(s) Auzentech X-Fi Forte
Power Supply Silverstone 600 Watt
Mouse Logitech G502
Keyboard Sades Excalibur + Taihao keycaps
Software Win 7 64-bit
Benchmark Scores Classified
I bet the NSA was sitting on this for a while, who knows what exploits they still have.

maybe, and theres no system that 100% safe or bug free
 
Top